VDB
GCVE-110-OSM-2026-2274
GCVE-110-OSM-2026-2274
Advisory PublishedCVSS 8.8/10
Glassworm threat actor steganographic attack using hidden Unicode variation selectors embedded in server.js. Uses invisible Unicode characters to hide malicious payloads that execute when the file is loaded. Campaign targets supply-chain via compromised repositories.
Malicious payload found in: server.js
Attack vector: Glassworm steganographic attack using hidden Unicode variation selectors
Decoder signature: 0xFE00&&w<=0xFE0F?w-0xFE00:w>=0xE0100&&w<=0xE01EF (extracts hidden commands from variation selector ranges)
Behavior: Embedded JavaScript extracts malicious payloads encoded as Unicode variation selectors (U+FE00-U+FE0F, U+E0100-U+E01EF) that are invisible to human code reviewers but decoded and executed at runtime. Typically used for cryptocurrency theft and credential exfiltration.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | all (affected) | — |
References
Malicious package:
advisory
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.